Custom role creation

When using a Landing Zone (with or without Corporate Addon), you have the possibility to grant permissions over the Azure subscription, a specific Resource Group, or a specific Resource, using a built-inrole.

However, if you need to use a custom role, you are not allowed to create it by yourself, for security reasons, but we can create it for you.

Procedure

Build a JSON file representing the custom role definition. You can find an example in the Microsoft documentation
Open a ticket in Post-it using the Other Request template, and asking for a custom role in a Azure IaaS Landing Zone, with the JSON file attached
We will audit the role to check if it only includes authorized permissions
We will create the custom role in the next 5 days upon reception of the ticket

Additional Notes

The permissions you are not allowed to have is regarding Blueprint Management, and Policy Assignements when using a Landing Zone with Corporate Add-on

Procedure​

Additional Notes​

Procedure

Additional Notes